Echo Protocol Loses $77 Million in eBTC Minting Attack on Monad
May 19, 2026 — Echo Protocol, a Bitcoin-focused DeFi platform, suffered an exploit resulting in approximately $77 million in losses after an attacker minted roughly 1,000 unauthorized eBTC tokens on the Monad blockchain. The attacker used a compromised admin key to mint the tokens, then borrowed wrapped Bitcoin (WBTC) worth $3.45 million against some of the funds on Curvance before laundering the proceeds through Tornado Cash.
Immediate Details & Direct Quotes
The attack was first flagged by blockchain security firm PeckShield on Tuesday. The attacker gained control of an administrative key, allowing them to mint approximately 1,000 eBTC tokens valued at around $77 million. After minting the tokens, the attacker borrowed WBTC against collateral in the Curvance money market and reward layer.
Echo Protocol confirmed it regained control of the compromised admin keys and burned the remaining 955 eBTC still held by the attacker. The team quickly moved to secure the platform.
“We have paused cross-chain functionality for the Monad deployment and completed an upgrade of the relevant Monad contract to restrict affected operations and strengthen control over sensitive functions,” Echo Protocol stated on X.
The protocol added that while the Aptos bridge was not directly affected, all bridge operations were paused as a precaution. “Although the Aptos bridge has not been affected, we have fully paused Aptos bridge operations as a precautionary measure while our review continues,” the team said.
Market Context & Reaction
The exploit adds to a growing list of high-profile DeFi hacks in recent weeks. The largest incidents targeted Drift Protocol and KelpDAO, each losing well over $200 million. The Echo Protocol attack demonstrates continued vulnerabilities in cross-chain DeFi infrastructure, particularly around admin key security.
Echo Protocol primarily operates on the Aptos network but expanded to Monad and other chains to offer users synthetic bitcoin representations like eBTC. The platform provides liquidity and yield opportunities on bitcoin holdings. Market reaction details regarding the eBTC token or related assets were not immediately available.
The attacker laundered funds through Tornado Cash, a cryptocurrency mixer often used to obfuscate transaction trails, making recovery efforts more challenging. Security experts emphasize that compromised admin keys remain one of the most common attack vectors in DeFi.
Background & Historical Context
Echo Protocol launched as a Bitcoin-focused decentralized finance platform, allowing users to generate yield on their bitcoin holdings through synthetic representations such as eBTC. Its primary infrastructure resides on the Aptos blockchain, a layer-1 network known for high throughput.
The protocol expanded to Monad as part of a broader multichain growth strategy. This attack represents one of the first major security incidents in Monad’s ecosystem. The broader DeFi sector has faced increasing scrutiny over security practices, with cross-chain bridges and admin key management emerging as primary weaknesses.
The recent wave of exploits has prompted protocols to reevaluate their security architectures, particularly around privileged access controls and emergency response procedures. Echo Protocol’s swift action to pause cross-chain functionality and upgrade contracts reflects industry-standard incident response practices.
What This Means
Echo Protocol’s immediate priority is completing its security review and determining when to resume normal operations. The burning of 955 eBTC significantly reduces potential losses but highlights the challenge of preventing unauthorized token minting when admin keys are compromised.
For users, this incident reinforces the importance of understanding protocol security measures, particularly around admin key management and cross-chain functionality. The attack may accelerate calls for more robust key management solutions, such as multisig wallets and timelock mechanisms.
Long-term implications include potential increased regulatory scrutiny on DeFi protocols and heightened user demand for transparency around security audits and admin key custody. The DeFi sector continues to balance innovation speed with security rigor, with each exploit underscoring the costs of inadequate protections.